ViewExpiredException not thrown on ajax request if JSF page is protected by j_security_check

I was able to reproduce your problem. What is happening here is that the container invokes a RequestDispatcher#forward() to the login page as specified in the security constraint. However, if the login page is by itself a JSF page as well, then the FacesServlet will be invoked as well on the forwarded request. As the request …

How to handle session expiration and ViewExpiredException in JSF 2?

To handle the exception whenever the user invokes a synchronous POST request on a page while the HTTP session has expired and the JSF view state saving method is set to server, add an <error-page> to the web.xml which catches the JSF ViewExpiredException and shows the home page.

    <error-page>
        <exception-type>javax.faces.application.ViewExpiredException</exception-type>
        <location>/home.xhtml</location>
    </error-page>

To handle …

Getting ViewExpiredException in clustered environment while state saving method is set to client and user session is valid

This will happen if the client side state is encrypted by one server and decrypted by another server and the servers don’t use the same AES key for this. Normally, you should also have seen the below warning in the server log:

    ERROR: MAC did not verify

You need to ensure that you have set jsf/ClientSideSecretKey in …

com.sun.faces.numberOfViewsInSession vs com.sun.faces.numberOfLogicalViews

First of all, the Mojarra implementation unintentionally swapped the meaning of those context parameters. So if you have the impression that the description is exactly the other way round than what the literal context parameter name implies, then this is indeed true. com.sun.faces.numberOfLogicalViews This is basically GET request based. Every GET request creates a new …

Session timeout and ViewExpiredException handling on JSF/PrimeFaces ajax request

Exceptions which are thrown during ajax requests have by default totally no feedback on the client side. Only when you run Mojarra with project stage set to Development and use <f:ajax>, then you will get a bare JavaScript alert with the exception type and message. But other than that, and in PrimeFaces, there’s by default …

javax.faces.application.ViewExpiredException: View could not be restored

Introduction

The ViewExpiredException will be thrown whenever the javax.faces.STATE_SAVING_METHOD is set to server (default) and the end user sends an HTTP POST request on a view via <h:form> with <h:commandLink>, <h:commandButton> or <f:ajax>, while the associated view state isn’t available in the session anymore. The view state is identified as the value of a hidden input field …